PT-2013-2386 · Ibm · Ibm Storwize V7000 Unified

Published

2013-10-17

Updated

2017-08-29

CVE-2013-0500

CVSS v2.0

5.4

Medium

Vector

AV:N/AC:M/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Storwize V7000 Unified versions 1.3.x through 1.4.1

Description The issue arises from improper handling of device files created with the NFS protocol but accessed through non-NFS protocols. This allows remote authenticated users to potentially obtain sensitive information, modify programs or files, or cause a denial of service, resulting in a device crash. The exploitation can occur via various operations, including CIFS, HTTPS, SCP, or SFTP.

Recommendations For IBM Storwize V7000 Unified versions 1.3.x through 1.4.1, update to version 1.4.2.0 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-0500

Affected Products

Ibm Storwize V7000 Unified

PT-2013-2386 · Ibm · Ibm Storwize V7000 Unified

CVE-2013-0500

Weakness Enumeration

Related Identifiers

Affected Products

References · 3